Azure™ Services Platform
Microsoft .NET Services: A Closer Look
Clemens Vasters, Technical Lead, Microsoft Corporation
Agenda
- What is a Service Bus?
- Connectivity Challenges
- Naming
- Service Registry and Discovery
- Messaging, Connectivity and Events
Internet Service Bus
(diagram) Components of the bus: Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric. Parties connected through it: Clients (Desktop, RIA, Web), MS/3rd Party Services, an On-Premise ESB, and Your Services.
Connectivity Challenges
- IPv4 address shortage
- Dynamic IP address allocation
- Network Address Translation (NAT)
- Internet is pwn3d by the bad guys
- Firewalls layered over firewalls over firewalls
(diagram) Sender to Receiver, with a Machine Firewall, Network Firewall, Network Address Translation and Dynamic IP in the path, and a question mark over whether the receiver can be reached at all.
How Do People Deal With It?
- Dynamic DNS
- NAT port mappings / UPnP
- Open inbound firewall ports
(diagram) Same Sender to Receiver path: Machine Firewall, Network Firewall, Network Address Translation, Dynamic IP.
Brittle, difficult, insecure, and sometimes impractical. Consequence: we see recurring patterns of workarounds.
Who needs it?
- Any instant messaging/communication app: access control, relay, direct connect
- Any multiplayer game: access control, relay, direct connect
- Any home media integration system: access control, relay, direct connect
- Any enterprise integration system: access control, VPN/VAN
Service Bus – Naming
(section divider listing the components: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
Service Bus Naming
Federated, hierarchical, DNS-integrated, transport-neutral naming system.
(diagram) A tree: Root, under it several Solutions, under each Solution its Names (NameA, NameB, NameC; Name1, Name2, Name3).
Anything wrong with DNS?
DNS has some practical constraints:
- High update propagation latency
- Increasing pollution by ISPs ("DNS assistance")
- Names hosts, not services
- Limited write-access model (often out-of-band)
Service Bus Naming System:
- R/W access with access control via the Registry
- Updates reflected instantaneously
- Names name endpoints, not machines
Canonical Form of URI Projections
scheme://naming-scope/name/name
- URI 'Host': Naming Authority
- URI 'Path': Federated Name Structure
(diagram) Root, naming scopes X, Y, Z beneath it, and names A, B, C and 1, 2, 3 beneath those.
Global Naming Structure (PDC)
scheme://servicebus.windows.net/services/solution/name/…
Required prefix: services
(diagram) Root, then SBWN (servicebus.windows.net), then the required "services" segment, then the solution, then its names.
Global Naming Structure (Post-PDC)
scheme://solution.servicebus.windows.net/name/…
(diagram) Root, then Solutions as DNS labels beneath the naming authority, then the names (NameA, NameB, NameC; Name1, Name2, Name3) beneath each solution.
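The two URI projections above, worked through as an added example (Python, not Microsoft's code or the .NET Services SDK): a small name tree is projected to the PDC form and the post-PDC form and parsed back. The solution and name values are made up, and the rejection of look-alike hosts is a check a client of the naming system would want rather than a rule the slides state.

```python
# Added example (not Microsoft's code): the naming model of the slides as a small
# tree, projected to the PDC and post-PDC URI forms and parsed back. The solution
# and name values used with it are made up for the example.
from urllib.parse import quote, urlsplit

AUTHORITY = "servicebus.windows.net"   # URI host: the naming authority
PDC_PREFIX = "services"                # required first path segment in the PDC form


class NameNode:
    """A node in the federated, hierarchical name tree (Root -> Solution -> Name...)."""

    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}

    def child(self, name):
        # a segment may not be empty, contain a separator, or be a dot-segment,
        # otherwise a caller could merge or escape levels of the hierarchy
        if not name or "/" in name or name in (".", ".."):
            raise ValueError(f"invalid name segment {name!r}")
        return self.children.setdefault(name, NameNode(name, self))

    def path(self):
        """Segments from the solution down to this node, root excluded."""
        parts, node = [], self
        while node.parent is not None:
            parts.append(node.name)
            node = node.parent
        return parts[::-1]


def _segments(node):
    parts = node.path()
    if not parts:
        raise ValueError("the root itself has no URI projection")
    return parts


def project_pdc(node, scheme="sb"):
    """scheme://servicebus.windows.net/services/solution/name/..."""
    segs = [quote(p, safe="") for p in _segments(node)]
    return f"{scheme}://{AUTHORITY}/{PDC_PREFIX}/" + "/".join(segs) + "/"


def project_post_pdc(node, scheme="sb"):
    """scheme://solution.servicebus.windows.net/name/... (solution becomes a DNS label)"""
    solution, *names = _segments(node)
    tail = "/".join(quote(n, safe="") for n in names)
    return f"{scheme}://{solution}.{AUTHORITY}/" + (tail + "/" if tail else "")


def parse(uri):
    """Map either projection back to (scheme, solution, [names]).
    Hosts outside the naming authority are rejected, including look-alikes such as
    servicebus.windows.net.example and nested labels like a.b.servicebus.windows.net."""
    u = urlsplit(uri)
    host = (u.hostname or "").lower()
    segs = [s for s in u.path.split("/") if s]
    if host == AUTHORITY:
        if len(segs) < 2 or segs[0] != PDC_PREFIX:
            raise ValueError(f"PDC form requires /{PDC_PREFIX}/solution/... in {uri!r}")
        return u.scheme, segs[1], segs[2:]
    suffix = "." + AUTHORITY
    if host.endswith(suffix):
        solution = host[: -len(suffix)]
        if not solution or "." in solution:
            raise ValueError(f"solution must be a single DNS label in {uri!r}")
        return u.scheme, solution, segs
    raise ValueError(f"{host!r} is not the Service Bus naming authority")


def is_service_bus_uri(uri):
    """True if parse() accepts the URI, False otherwise."""
    try:
        parse(uri)
        return True
    except ValueError:
        return False
```

The host check is the part worth copying: because the post-PDC form puts the solution into DNS, a client that accepts any host ending in the authority string, or that forgets the leading dot, will also accept an attacker-controlled name.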
Service Bus – Service Registry
(section divider listing the components: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
Service Registry
- The service registry is a registry for service endpoints, not a general-purpose directory
- The registry is layered over the naming system
- Provides programmatic access to naming
- Discover: Atom 1.0 feed hierarchy
- Publish: Atom Publishing Protocol, WS-Transfer
(diagram) Client talks to the Service Registry over AtomPub and WS-Transfer; the registry sits on top of Naming.
Registry Feed Structure
Accessing the root registry feed for a solution: http://servicebus.windows.net/services/solution/
That feed is the root of a hierarchy of feeds.
(diagram) Naming tree Root, SBWN, services, solution, svc; the client reaches each node's feed over AtomPub or WS-Transfer.
Services in Registry Feeds

```xml
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>Title</title>
  <link href="http://connect.biztalk.net/services/my/svc" rel="self"/>
  <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
  …
  <entry>
    <title>MyEndpoint</title>
    <link href="http://cbn/services/my/svc/ep1"/>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address>http://servicebus.windows.net/services/my/svc/ep1</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>
```
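An added example (Python, not Microsoft's code) of consuming a registry feed shaped like the sample above. SAMPLE_FEED is constructed for this example with consistent servicebus.windows.net hosts (the slide's sample still mixes connect.biztalk.net and cbn hosts) and adds two entries a client should refuse; the in-scope check on wsa:Address is my addition, not a rule the registry documents.

```python
# Added example (not Microsoft's code): reading a registry feed shaped like the one on
# the slide. SAMPLE_FEED is constructed for this example (hosts and ids are made up),
# and the in-scope check on wsa:Address is an added client-side precaution.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
WSA = "{http://www.w3.org/2005/08/addressing}"

SAMPLE_FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>svc</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <id>urn:uuid:82a76c80-d498-12d5-b91c-0103839e0ef6</id>
  <entry>
    <title>MyEndpoint</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep1"/>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address>http://servicebus.windows.net/services/my/svc/ep1</wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>Stray</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep2"/>
    <id>urn:uuid:0f0e0d0c-0b0a-4900-8807-060504030201</id>
    <wsa:EndpointReference>
      <wsa:Address>http://attacker.example/services/my/svc/ep2</wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>Sibling</title>
    <link href="http://servicebus.windows.net/services/my/svcx/ep3"/>
    <id>urn:uuid:0f0e0d0c-0b0a-4900-8807-060504030203</id>
    <wsa:EndpointReference>
      <wsa:Address>http://servicebus.windows.net/services/my/svcx/ep3</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>
"""


def feed_scope(root):
    """The registry node this feed describes: its rel="self" link, normalised to end
    with a slash so that /services/my/svc does not also cover /services/my/svcx."""
    for link in root.findall(ATOM + "link"):
        href = link.get("href")
        if link.get("rel") == "self" and href:
            return href if href.endswith("/") else href + "/"
    raise ValueError('feed has no rel="self" link')


def read_registry_feed(xml_text):
    """Return (accepted, rejected) lists of (title, address). An entry is accepted only
    if its wsa:Address is on the feed's own host and under the feed's own path: a feed
    is a discovery document, and a client should not let it steer traffic to another
    host or to a different part of the namespace than the one it asked about."""
    root = ET.fromstring(xml_text)
    scope = urlsplit(feed_scope(root))
    accepted, rejected = [], []
    for entry in root.findall(ATOM + "entry"):
        title = (entry.findtext(ATOM + "title") or "").strip()
        addr = (entry.findtext(WSA + "EndpointReference/" + WSA + "Address") or "").strip()
        a = urlsplit(addr)
        in_scope = (a.scheme in ("http", "https", "sb")
                    and a.hostname == scope.hostname
                    and a.path.startswith(scope.path))
        (accepted if in_scope else rejected).append((title, addr))
    return accepted, rejected
```

The stdlib parser is fine for a feed you fetched from the registry yourself; for feed documents from sources you do not control, parse with defusedxml instead, since the Atom document is attacker-supplied XML before it is anything else.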
.NET Service Bus Registry (demo)
Service Bus – Messaging
(section divider listing the components: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
Service Bus - Messaging
Primary programming model: WCF, with a family of bindings for the Service Bus.

| Corresponding WCF Binding | Service Bus Relay Binding |
|---|---|
| BasicHttpBinding | BasicHttpRelayBinding |
| WebHttpBinding | WebHttpRelayBinding |
| WSHttpBinding | WSHttpRelayBinding |
| WS2007HttpBinding | WS2007HttpRelayBinding |
| WSHttpContextBinding | WSHttpRelayContextBinding |
| WS2007HttpFederationBinding | WS2007HttpRelayFederationBinding |
| NetTcpBinding | NetTcpRelayBinding |
| NetTcpContextBinding | NetTcpRelayContextBinding |
| n/a (loosely related to NetMsmqBinding) | NetOnewayRelayBinding |
| n/a (loosely related to NetTcpPeerBinding) | NetEventRelayBinding |
WCF Relay Bindings For WCF Pros
Works just like WCF:
- Envelopes: SOAP 1.1, SOAP 1.2, None
- All WS-* end-to-end security scenarios
- Transport-level message path protection (SSL)
- Reliable Messaging, Streaming
- Full extensibility model
- Web programming model (WebGet/WebInvoke)
- Metadata Exchange
Not supported:
- (By design) Atomic Transaction flow
- (By design) Protocol-level transport authentication
- (PDC issue) WebScriptingBehavior JavaScript proxy
- (PDC issue) Direct TCP modes with Reliable Messaging or WS-* Security
NetOnewayRelayBinding
(diagram) Address sb://servicebus.windows.net/services/solution/a/b/. The sender opens an outbound one-way net.tcp connection (TCP/SSL 828) to the Service Bus frontend nodes, which sit behind a network load balancer. The receiver, behind NAT, a firewall and a dynamic IP, opens an outbound bidirectional socket (TCP/SSL 808/828) to the frontend nodes and subscribes to the name; the backend naming/routing fabric routes the message down that socket.
NetEventRelayBinding
(diagram) Same address and same outbound connections as NetOnewayRelayBinding, but several receivers each hold an outbound bidirectional socket (TCP/SSL 828) to the frontend nodes and subscribe to the same name; the backend naming/routing fabric routes a copy of each message to every subscribed receiver.
One-Way Messaging and Events (demo)
NetTcpRelayBinding / Relayed
(diagram) Address sb://servicebus.windows.net/services/solution/a/b/. The receiver holds an outbound control connection (TCP/SSL 818) to the frontend nodes behind the NLB. When the sender connects outbound, the fabric sends a one-way rendezvous control message to the receiver, the receiver opens an outbound rendezvous socket, and the frontend's socket-to-socket forwarder relays between the sender's socket and the receiver's rendezvous socket.
NetTcpRelayBinding / Hybrid
(diagram) Starts as a relayed connection: control channel and relayed rendezvous over TCP/SSL 818 and 819. Both sides then perform NAT probing through the Service Bus, and if a direct NAT traversal connection can be established the connection is upgraded from relayed to direct.
TCP-based Connections (demo)
[WS|Basic|Web]HttpRelayBinding
(diagram) Address sb://servicebus.windows.net/services/solution/a/b/. The sender issues an HTTP or HTTPS request (ports 80/443) to the frontend nodes behind the NLB. The receiver holds an outbound control connection, is sent a one-way rendezvous control message, opens an outbound rendezvous socket, and the frontend's HTTP-to-socket forwarder passes the request through to it.
HTTP Based Connections (demo)
Service Bus – Access Control Integration
(section divider listing the components: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
Relay Access Control Model - Listener
(diagram) 1. The receiver acquires an access token (#Listen) from the Access Control STS via RST/RSTR. 2. The receiver passes the access token in a token header along with its subscription to the Service Bus Relay. 3. The relay evaluates the token.
Relay Access Control Model - Sender
(diagram) 1. The sender acquires an access token (#Send) from the Access Control STS via RST/RSTR. 2. The sender passes the access token in a token header with the message. 3. The relay evaluates and removes the token. 4. The message is passed on to the receiver.
Integrated Access Control
- Access control is governed by rules managed in the Access Control Service
- Services must be authorized to listen in a namespace
- Evaluation of all claims happens in the cloud
- No notion of "identity" in the relayed service
- A service can turn off client access control: local evaluation of end-to-end claims, full control over the authN/authZ model (but less protection)
- Clean composition with the standard SOAP/HTTP model: the WS-Security header is reserved for end-to-end message security, and the scheme is transparent to HTTP-header authN/authZ schemes
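The listener and sender flows of the two preceding slides, together with the one-listener versus all-listeners delivery of NetOnewayRelayBinding and NetEventRelayBinding, modelled in one added example (Python, not Microsoft's code). The token format, the action claim values Listen and Send, the ACS-to-relay shared key and the AccessControlService/Relay API are stand-ins constructed for the example; they are not the .NET Services wire protocol.

```python
# Added example (not Microsoft's code): an in-process model of the relay access control
# flow on the listener and sender slides. Token format, claim names, the ACS/relay shared
# key and the relay API are stand-ins constructed for this example, not the .NET Services
# wire format.
import hashlib
import hmac
import json
import time

ACS_RELAY_KEY = b"constructed-shared-secret-between-acs-and-relay"


class AccessControlService:
    """Stand-in STS. Rules are {(identity, scope): {"Listen", "Send"}}; a token is a
    signed claim set {sub, scope, action, exp}. Issuing one is the RST/RSTR step."""

    def __init__(self, key, rules):
        self.key, self.rules = key, rules

    def request_token(self, identity, scope, action, ttl=300):
        if action not in self.rules.get((identity, scope), set()):
            raise PermissionError(f"{identity} is not allowed to {action} on {scope}")
        body = json.dumps({"sub": identity, "scope": scope, "action": action,
                           "exp": int(time.time()) + ttl}, sort_keys=True)
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + sig


class Relay:
    """Evaluates tokens in the cloud, strips them, and forwards the payload untouched."""

    def __init__(self, key):
        self.key = key
        self.listeners = {}  # name -> [callback(headers, payload)]

    def _check(self, token, action, name):
        body, _, sig = token.rpartition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("token signature invalid")
        claims = json.loads(body)
        if claims["exp"] < time.time():
            raise PermissionError("token expired")
        # the action claim must match the operation and the scope must cover the name
        if claims["action"] != action or not name.startswith(claims["scope"]):
            raise PermissionError(f"token does not grant {action} on {name}")

    def subscribe(self, name, token, callback):
        self._check(token, "Listen", name)          # listener slide, steps 2 and 3
        self.listeners.setdefault(name, []).append(callback)

    def send(self, message, event=False):
        headers, payload = message["headers"], message["payload"]
        name = headers["To"]                        # wsa:To is one of the things the bus reads
        self._check(headers.pop("AccessToken"), "Send", name)   # evaluated and removed
        targets = self.listeners.get(name) or []
        if not targets:
            raise LookupError(f"no listener on {name}")
        # NetOnewayRelayBinding: one listener; NetEventRelayBinding: every listener
        for callback in (targets if event else targets[:1]):
            callback(dict(headers), payload)        # payload is opaque bytes to the relay
        return len(targets) if event else 1


def run_scenario():
    """Walks both slide flows and returns what each party observed."""
    scope = "sb://solution.servicebus.windows.net/a/"
    name = scope + "b/"
    acs = AccessControlService(ACS_RELAY_KEY, {("svc", scope): {"Listen"},
                                               ("client", scope): {"Send"}})
    relay = Relay(ACS_RELAY_KEY)
    seen = []
    for _ in range(2):                              # two receivers behind NAT
        relay.subscribe(name, acs.request_token("svc", scope, "Listen"),
                        lambda h, p: seen.append((h, p)))
    send_tok = acs.request_token("client", scope, "Send")
    msg = lambda: {"headers": {"To": name, "Action": "urn:example:Ping",
                               "AccessToken": send_tok}, "payload": b"\x00opaque-to-relay"}
    out = {"oneway": relay.send(msg()), "event": relay.send(msg(), event=True)}
    out["token_reached_receiver"] = any("AccessToken" in h for h, _ in seen)
    out["sender_identity_visible"] = any("sub" in h for h, _ in seen)
    out["deliveries"] = len(seen)
    for label, call in {
        "listen_with_send_token": lambda: relay.subscribe(name, send_tok, lambda h, p: None),
        "send_with_listen_token": lambda: relay.send({"headers": {"To": name,
            "AccessToken": acs.request_token("svc", scope, "Listen")}, "payload": b""}),
        "client_asks_for_listen": lambda: acs.request_token("client", scope, "Listen"),
        "tampered_token": lambda: relay.send({"headers": {"To": name,
            "AccessToken": send_tok.replace('"Send"', '"Listen"')}, "payload": b""}),
    }.items():
        try:
            call()
            out[label] = "allowed"
        except PermissionError:
            out[label] = "denied"
    return out
```

run_scenario() returns what each side saw: the receiver callbacks get the headers with the AccessToken removed and nothing that names the sender, which is the "no notion of identity in the relayed service" point, and the payload bytes pass through the relay untouched, which is the layer where end-to-end WS-Security would be applied by the two parties rather than by the bus.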
.NET Access Control (demo)
Notes on Security
- We encourage you to hide your payloads: use WS-Security to protect the end-to-end path. You own all keys used to protect payloads.
- Transport security: SSL channels terminate in the Service Bus, so anything not protected at the message level is visible to the relay in the clear. Socket connections are relayed on-machine; Oneway/Event messages are relayed on the backend fabric.
- What does the Service Bus look at? SOAP: Action/wsa:Action and wsa:To. HTTP: method and URI. And the access tokens.
Service Bus – Workflow Integration
(section divider listing the components: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric, Workflow)
.NET Workflow Services (demo)
Q & A
Summary
- Pervasive, secure connectivity for services
- Secure NAT traversal, "DMZ in the sky"
- WCF-integrated programming model